600,000+ Bots Behind Latest Mac Virus

April 09, 2012

Several months after the disappearance of fake anti-virus applications for OS X that followed the arrest of Russian cybercriminal Pavel Vrublevsky, another widespread malware infection is affecting users of Apple’s vulnerable operating system.

The new Mac virus does not appear to rely on social engineering or human error. According to Graham Cluley of Sophos, cybercriminals have begun to use a drive-by vulnerability in Java, leaving Apple users dangerously exposed to attack.

Cluley wrote: “The new Mac malware exploits a Java vulnerability (known as CVE-2012-0507), that Apple users are still not patched against.

“Apple users won’t feel any consolation at all in the knowledge that their Windows cousins have been protected against the flaw since February.”

On April 4, Apple released a new version of Java for OS X 10.6 (Snow Leopard) and 10.7 (Lion), updating Java to version 6 update 31.

However, Dr. Web, an anti-virus vendor, has reported that more than 600,000 OS X users have been infected by the new Mac virus, “Flashback”, including 274 from Cupertino, California.

The Flashback malware being distributed by this exploit is referred to as a “downloader”. It does not harm the system, but compromises it and downloads a further payload that enables the attackers to do anything they desire.

There are two primary payloads associated with this attack. One is a data-stealing Trojan that steals passwords and banking information from Safari. The other redirects search engine users to perform advertising fraud or to direct victims to malicious content.

Sophos said: “First and foremost Mac users need to be sure they have installed the latest security patches from Apple.

“Second, Mac users can no longer rely on simply updating their computers. Preventative protection is an essential defense mechanism to detect and thwart future attacks.”